Tag: router
-
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
by
in SecurityNews
Tags: attack, cybersecurity, exploit, finance, fraud, group, Hardware, malware, open-source, pypi, ransomware, router, supply-chain, threat, tool
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source First…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37
by
in SecurityNews
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
Ragnar Loader
Desert Dexter. Attacks on Middle Eastern countries
Ballista New IoT Botnet Targeting Thousands of TP-Link Archer Routers
Microsoft patches […]…
-
Cisco IOS XR flaw allows attackers to crash BGP process on routers
by
in SecurityNews
Cisco addressed a denial of service (DoS) vulnerability that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers. Cisco has addressed a denial of service (DoS) vulnerability, tracked as CVE-2025-20115, that could allow an unauthenticated, remote attacker to crash the Border Gateway Protocol (BGP) process on IOS XR routers by sending a single BGP…
-
Report on ransomware attacks on Fortinet firewalls also reveals possible defenses
by
in SecurityNews
Tags: access, attack, authentication, automation, backdoor, backup, ciso, control, credentials, cve, cybercrime, data, data-breach, defense, exploit, firewall, fortinet, group, infrastructure, Internet, lockbit, malicious, monitoring, network, password, radius, ransom, ransomware, risk, router, tactics, threat, tool, update, vpn, vulnerability, windows
Signs of intrusion: “This actor exhibits a distinct operational signature that blends elements of opportunistic attacks with ties to the LockBit ecosystem,” Forescout said in its analysis. “Mora_001’s relationship to the broader Lockbit’s ransomware operations underscores the increased complexity of the modern ransomware landscape where specialized teams collaborate to leverage complementary capabilities.” CISOs should note these consistent…
-
Juniper Addresses Router Flaw Actively-Exploited By Chinese Threat Group
First seen on scworld.com Jump to article: www.scworld.com/brief/juniper-addresses-router-flaw-actively-exploited-by-chinese-threat-group
-
Actively exploited Juniper router vulnerability addressed
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/actively-exploited-juniper-router-vulnerability-addressed
-
Chinese espionage group UNC3886 targets Juniper routers
by
in SecurityNews
Advanced persistent threat group UNC3886 deployed custom backdoors on end-of-life Juniper Networks routers, underscoring the need for timely patching and advanced security monitoring. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620812/Chinese-espionage-group-UNC3886-targets-Juniper-routers
-
Cisco IOS XR vulnerability lets attackers crash BGP on routers
by
in SecurityNews
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/
-
5 Things To Know About China-Linked Juniper Router Attacks
by
in SecurityNews
Juniper Networks has released a fix for a Junos OS vulnerability, which Mandiant researchers say has been exploited by a China-based espionage group. First seen on crn.com Jump to article: www.crn.com/news/security/2025/5-things-to-know-about-china-linked-juniper-router-attacks
-
Old Juniper routers targeted by Chinese hackers to deploy various payloads
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/old-juniper-routers-targeted-by-chinese-hackers-to-deploy-various-payloads
-
Juniper patches bug that let Chinese cyberspies backdoor routers
by
in SecurityNews
Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/juniper-patches-bug-that-let-chinese-cyberspies-backdoor-routers-since-mid-2024/
-
Tenda AC7 Vulnerability Lets Hackers Execute Malicious Payloads for Root Access
by
in SecurityNews
A vulnerability has been discovered in the Tenda AC7 router, firmware version V15.03.06.44, which allows attackers to execute malicious payloads and gain root access. As per a report on GitHub, the vulnerability, identified through experimental setup and exploitation, revolves around a stack overflow issue in the formSetFirewallCfg function. This exploit is significant, as it not only enables…
-
China-Backed Hackers Backdoor US Carrier-Grade Juniper MX Routers
Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called TinyShell. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-hackers-backdoor-carrier-grade-juniper-mx-routers
-
Chinese Hacked Exploit Juniper Networks Routers to Implant Backdoor
by
in SecurityNews
Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign targeting critical network infrastructure, marking a significant evolution in tactics by Chinese state-sponsored hackers. Mandiant, a leading cybersecurity firm, has discovered multiple custom backdoors deployed on Juniper Networks’ routers, attributing the activity to a Chinese espionage group known as UNC3886. The backdoors provided attackers with persistent…
-
China-linked APT UNC3886 targets EoL Juniper routers
by
in SecurityNews
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886. These TINYSHELL-based backdoors had various capabilities, including active and passive access and a script to…
-
China continues cyberattacks on routers, this time targeting Juniper Networks devices
by
in SecurityNews
Researchers said the state-backed group dubbed UNC3886 was behind a campaign to deploy custom backdoors on the company’s Junos OS routers. First seen on therecord.media Jump to article: therecord.media/china-continues-attacks-routers-juniper
-
Thousands Of Vulnerable TP-Link Routers Targeted By Ballista Botnet
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-vulnerable-tp-link-routers-targeted-by-ballista-botnet
-
US lawmakers warn against China-made routers over cybersecurity risks
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/us-lawmakers-warn-against-china-made-routers-over-cybersecurity-risks
-
‘Ballista’ Botnet Exploits 2023 Vulnerability in TP-Link Routers
by
in SecurityNews
In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it’s being used once more for another botnet campaign with its own malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ballista-botnet-campaign-exploits-2023-vuln-tp-link-routers
-
Juniper MX routers targeted by China-nexus threat group using custom backdoors
The devices have reached end-of-life status and need to be upgraded, as the company stated in a security advisory. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/juniper-routers-china–hacker-backdoor/742315/
-
Emerging botnet exploits TP-Link router flaw posing risk to US organizations
Ballista’s attacks on TP-Link devices come as U.S. lawmakers consider banning the company’s products over suspected links to China. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/-botnet-exploits-tp-link-router/742319/
-
Chinese Cyber Espionage Group UNC3886 Backdoored Juniper Routers
by
in SecurityNews
UNC3886 hackers target Juniper routers with custom backdoor malware, exploiting outdated systems for stealthy access and espionage. Learn how to stay protected. First seen on hackread.com Jump to article: hackread.com/chinese-group-unc3886-backdoor-juniper-routers/
-
Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers
by
in SecurityNews
China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers. The post Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/mandiant-uncovers-custom-backdoors-on-end-of-life-juniper-routers/
-
Previously unidentified botnet targets unpatched TP-Link Archer home routers
by
in SecurityNews
Researchers at Cato Networks said that during a recent investigation into router vulnerabilities, they discovered a new botnet, which they named Ballista, infecting TP-Link Archer devices. First seen on therecord.media Jump to article: therecord.media/ballista-botnet-tp-link-archer-routers
-
Expired Juniper routers find new life as Chinese spy hubs
by
in SecurityNews
Fewer than 10 known victims, but Mandiant suspects others compromised, too. First seen on theregister.com Jump to article: www.theregister.com/2025/03/12/china_spy_juniper_routers/
-
New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?
by
in SecurityNews
The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn. Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. The CVE-2023-1389 flaw is an unauthenticated command injection…
-
Chinese Cyberespionage Group Tied to Juniper MX Router Hacks
by
in SecurityNews
Juniper Networks Urges Immediate Updating and Malware Scans to Block Attackers. Hackers have been infecting outdated Juniper MX routers with backdoor malware as part of an apparent cyberespionage campaign that traces to a Chinese-affiliated hacking team tracked as UNC 3886, warned Google’s Mandiant incident response group. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-cyberespionage-group-tied-to-juniper-mx-router-hacks-a-27696